Hi Kees Cook, have you read the forum post and not only hggdh's statement? Then you would have read what I wrote about exploiting alias and why this is many times harder and about "other tricks": What do you mean with that and please stop talking about userlvl trojans or keylogger because as I pointed very clearly out int the forum it's not possible to steal root-pwd with them. No userlvl keylogger can sniff the sudo password!
And just because other distros have the same bug, doesn't mean it is good, does it? And also this stupid example with physical access...I'm really sick that I even mentioned it but never thought people would understand it so mindless.... The point is that with this bug, tell me any!! reason why someone shouldn't work as root the whole time like windows users do? Please any reason because with this bug there's no difference. A virus can use this and become as harmfull as any windows one. A hacker can exploit a userlvl application and get root without any need of a local root exploit. Really with this bug you don't have to tell people not to work as root because there's no frontier between root and user account. But I'm outta here, if even the ubuntu staff doesn't care why should I, but dare you to tell you haven't been warned because I know for exaclty that this is activly being abused to root linux boxes! I didn't pulled that out of my magical hat... -- getting the root password through .bashrc and a fakesudo https://bugs.launchpad.net/bugs/127116 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
